In late 2023, Finland’s National Cybersecurity Center (NCSC-FI) observed a significant uptick in Akira ransomware attacks, with six out of seven reported incidents in December attributed to this malware family. (kyberturvallisuuskeskus.fi)
Akira ransomware, first detected in Finland in June 2023, has been particularly active during the end of the year. (kyberturvallisuuskeskus.fi)
The attackers exploited a vulnerability in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) devices, identified as CVE-2023-20269. (bankinfosecurity.com)
This vulnerability allowed unauthorized attackers to conduct brute-force attacks, identifying valid usernames and passwords, especially when multi-factor authentication (MFA) was not enabled. (bankinfosecurity.com)
Explore the data solution with built-in protection against ransomware TrueNAS.
Once inside the network, the attackers meticulously destroyed backups, including Network-Attached Storage (NAS) devices and automatic tape backup systems. (bleepingcomputer.com)
In almost every known case, all backups were lost, amplifying the damage and pressuring victims to pay the ransom. (bleepingcomputer.com)
To protect against such attacks, NCSC-FI recommends organizations implement offline backups and follow the 3-2-1 backup rule: maintain at least three backups in two different locations, with one copy completely off the network. (bleepingcomputer.com)
Additionally, organizations should keep network devices updated and enable multi-factor authentication to prevent unauthorized access. (kyberturvallisuuskeskus.fi)
By adopting these measures, organizations can enhance their resilience against ransomware attacks and safeguard critical data.
The focus on backup destruction highlights the critical need for immutable storage solutions, alongside the 3-2-1 rule, to ensure data recovery even if primary and secondary backups are compromised by sophisticated ransomware like Akira.
That’s a great point! Immutable storage is definitely key, adding an extra layer of protection beyond the 3-2-1 rule. It’s becoming increasingly important as ransomware tactics evolve to target backups directly. What strategies are people finding most effective for implementing immutable storage?
Editor: StorageTech.News
Thank you to our Sponsor Esdebe
Brute-forcing because MFA wasn’t enabled? Sounds like someone forgot Cybersecurity 101! I wonder if these organizations had strong password policies in place, or if “password123” was the key to their kingdom?